Forum OpenACS Improvement Proposals (TIPs): Re: TIP#122 Made as_session_id_sec secure cookie

Collapse
Posted by Dave Bauer on
I found a bug in that the ad_session_id cookie is still sent for secure connections.

The change is to set the secure cookie on all connectons, and only read the secure cookie on secure connections, I am testing this implementation now.

Collapse
Posted by Dave Bauer on
Looks like this never got completed! I am looking into making sure this works.